this post was submitted on 08 Aug 2023
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
Remember to be careful with the AUR. There's already been malicious code introduced via the AUR after someone picked up an orphaned PDF viewer as maintainer.
That was in 2018...
https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/
The AUR has the same risks as adding a PPA to a Debian tree install, or downloading an RPM from a website.
If it's not in the official repository of your repo, treat with caution.
Yep, but it can happen again. There may already be something undiscovered.
The same is true for all package management systems that work the way that the AUR does.
Sure but that's true of any packaging system. The .deb or .rpm you just downloaded off not-a-scammer-honestly.com could just as easily be malware.
I know. I just wanted to mention that because the AUR doesn't feel like downloading random stuff from the internet when you're using it with something like yay.